Author | Chu Yan Lawyer
Recently, the Bybit exchange suffered the largest cryptocurrency theft in the industry, with North Korean hackers stealing about $1.4 billion in cryptocurrencies from Bybit's cold wallet. According to information disclosed by Bybit CEO @benbybit on X, the North Korean hacker organization exchanged most of the stolen ETH for BTC through THORChain, about 16% of the funds involved were transferred to ExCH, and 8% were exchanged through the OKX Web3 proxy contract.

Subsequently, Bloomberg reported that the European Union's cryptocurrency regulatory agency is reviewing how the hackers behind the theft used the OKX wallet service to exchange and mix the stolen cryptocurrencies. OKX stated in an official announcement that, after consulting with the regulatory authorities, it has decided to temporarily suspend its DEX aggregator service.
So why did the decentralized, self-custodial OKX Web3 wallet decide to temporarily suspend the DEX aggregation service? Which EU regulations on crypto-assets might the cryptocurrency industry's wallet services violate?
Whether OKX DEX service falls within the scope of MiCA regulation
The regulatory authority reviewing this case is the European Securities and Markets Authority (ESMA), and the main EU legislation on cryptocurrency is the EU Regulation on Markets in Crypto-Assets (MiCA), which will fully come into effect by the end of 2024.
Brief introduction to the MiCA Act
The Act clearly defines the regulatory scope of crypto-assets, dividing regulated crypto-assets into asset-referenced tokens (ART), electronic money tokens (EMT), and crypto-assets other than ART and EMT as stipulated in the MiCA Act, and provides detailed regulatory rules for each.
It sets specific regulatory requirements for different crypto-asset service providers such as exchanges and institutions. It also covers preventing and prohibiting insider trading, user-protection rules, and cooperation and investigation between national regulatory authorities.
The legal basis for OKX DEX to be within the scope of MiCA regulation
1. OKX DEX provides crypto-asset services that require licensing under the MiCA Act
The MiCA Act stipulates that if you provide cross-border crypto-asset services within the EU jurisdiction, you need to obtain MiCA authorization as a licensed crypto-asset service provider (CASP).
The definition of crypto-asset services includes exchanging crypto-assets for other crypto-assets and executing crypto-asset transaction orders on behalf of clients.
OKX DEX essentially does not directly provide token exchange liquidity, but is a liquidity aggregator. In simple terms, if a user wants to exchange 1 Bitcoin (BTC) in their OKX Web3 wallet for an equivalent amount of Ethereum (ETH), OKX DEX will use an algorithm to calculate the optimal exchange path and help the user achieve the exchange of crypto-assets.
Because OKX DEX does not use its own funds to help clients exchange tokens, its service does not fall under the exchange of crypto-assets for other crypto-assets. However, it is very likely that the regulatory authorities will determine that it constitutes the execution of orders for the subscription or sale of crypto-assets on behalf of clients, and if it operates within the EU jurisdiction, it needs to apply for a CASP license under MiCA.
2. OKX DEX is not a completely decentralized protocol and cannot avoid MiCA regulation.
The MiCA Act stipulates that if crypto-asset services are provided in a completely decentralized manner without any intermediaries, they are not within the scope of this regulation.
Although the OKX Web3 wallet is a decentralized self-custodial wallet, the wallet service page is integrated with the OKX exchange, and according to Bloomberg's report, the operating entity of the OKX Web3 wallet is OKX's Singapore entity.
Therefore, it is difficult to determine that the DEX aggregation service provided by the OKX Web3 wallet is a completely decentralized protocol, and it cannot avoid the regulation of the MiCA Act.
Why OKX DEX urgently suspended its service
Suppose OKX DEX is determined to be within the scope of MiCA regulation: the current aggregation proxy service of the OKX Web3 wallet has been exploited by North Korean hackers for money laundering. According to Article 64, Paragraph 7 of the MiCA Act, if a crypto-asset service provider fails to establish an effective system to detect and prevent money laundering and terrorist financing, the competent authority will revoke its MiCA authorization.
OKX officially announced in January this year that it has obtained a MiCA license with Malta as the host country. If OKX DEX violates the anti-money laundering regulations, it may affect the MiCA license it just obtained.
In addition, the MiCA Act also stipulates that before revoking the authorization of a crypto-asset service provider, the competent authority may consult the institution responsible for supervising the crypto-asset service provider's compliance with anti-money laundering and counter-terrorist financing rules.
So this morning, OKX CEO Star explained on X that the OKX Web3 wallet has launched functions such as banning specific IPs and a real-time blacklist detection and prevention system to combat related money laundering crimes. The purpose is to show the anti-money laundering regulatory authorities that the OKX Web3 wallet is already equipped with the necessary on-chain anti-money laundering detection and prevention systems for its crypto-asset services, in order to avoid or mitigate potential regulatory penalties.
Summary and Outlook
As the traffic entrance from the real world to Web3, on-chain wallets carry the crypto industry's aspiration for a decentralized world. The leading decentralized exchanges are all working hard to develop on-chain businesses, and OKX is far ahead in the product experience of on-chain wallets, but it is currently facing compliance issues.
Attentive readers may have noticed that after Binance went through regulatory compliance rectification, the wallet function is included within the centralized exchange. If you want to use the Binance wallet, you must register a Binance account, and cannot use it directly like the OKX wallet, which is completely separated from the OKX exchange account.
As the regulation of the cryptocurrency industry is improved globally, wherever there are people, there will be regulation. Therefore, future on-chain wallet services must be equipped with corresponding on-chain anti-money laundering systems to detect, prevent and combat on-chain crimes, in order to provide cryptocurrency asset services under the regulatory compliance system.